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TECHNIQUES FOR SECURING DATA PLOW 
IN INTERNET MULTICASTING 



BACKGROUN D OF THE INVENTION 

P4p,1ri of t-h^ Invention 

The invention relates to telecommunications systems 
and more particularly to securing data flow in Internet 
5 multicasting. 

Description of p lated Art 

many emerging internet applications involve one -to- 
many or many-to-many communications, where one or 
multiple sources are sending to multiple receivers. 
10 Examples are the transmission of corporate messages to 

employees, communication o£ stock quotes to brokers, 
video and audio conferencing for remote meetings and 
telecommuting, and replicating databases and web site 
information. IP Multicast efficiently supports this type 
15 of transmission by enabling sources to send a single copy 

of message to multiple recipients who explicitly want to 
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receive the information. This is far more efficient than 
requiring Che source to send an individual copy of the 
message to each requester (referred to as point-to-point 
unleash) , in which case the number of receivers ia 
5 limited by the bandwidth available to the sender. It is 

also more efficient than broadcasting one copy of the 
message to all nodes (broadcast) on the network, since 
many nodes may not want the message, and because 
broadcasts are limited to a single subnet- 
10 IP Multicasting is a receiver-based concept : a 

receiver joins a particular multicast session group and 
traff i c £ 3 delivered to all members of that group by the 
network infrastructure. The sender does not need to 
maintain a list of receivers. Only one copy of a 
IS multicast message will pass over any link in the network, 

and copies of the message will be made only where paths 
diverge at a router. Thus multicast yields many 
performance improvements and conserves bandwidth end-to- 
end . 

20 IP Multicasting is described in more detail in two 

documents published by the IP Multicast Initiative. The 
first is entitled "How IP Multicast Works" and the second 
is entitled " Introduction to IP Multicast Routing". 
These documents are attached to the specification as 

25 Appendixes A and B r respectively. These documents are 
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hereby incorporated by reference into the specification 

in their entirety. 

A related approach to multicast security using 
encryption of datastreams is known in which a sender 
5 encrypts outgoing information for decryption at a 

receiver. This is commonly done using public key 
encryption techniques . 

Tjie Problems 

IP Multicasting is based on a simple design the 
10 sender simply sends the data to a multicast group address 

and the network automatically sends the data to everyone 
who expressed interest in receiving data on that 
multicast address. A significant problem is that this 
arrangement does not provide any security to data flow, 
IS that is # everyone can listen to a multicast session and 

everyone can send data to multicast sessions. As a 
result, there is no such thing as secure data flow in 
Internet multicasting sessions in the prior art. 
Further, since anyone can send to a multicast session, 
20 the potential for disruption by an interloper is 

significant. 



NUMMARY OP THE INVENTION 

Various aspects of the invention discussed herein 
provide apparatus, systems, processes, and computer 
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program .products for securing data flow in Internet 

Multicasting. This is done by splitting the multicast 
address space into two components, one for public 
multicast and one for private multicast. A public key of 
5 a public/private pair is installed on a domain name 

server or on a certification authority and is associated 
with the multicast address. A user, desiring to join a 
private multicast, provides certain information which is 
encrypted using the private key of the public/private key 
10 pair. Routing functions are typically performed by a 

switch at a node of a switching network or by a router in 
the network or by a computer which has a plurality of 
communications interfaces- As used herein, the term 
"routing element" applies to all. A routing element 
IS receives a join request, obtains the public key and 

compares some non-encrypted information with decrypted 
information for consistency. The routing element also 
performs certain other checks on the join request 
received. Only when the routing element is satisfied 
20 that the join request received is authentic does the 

routing element permit the join and forward the join 
request to the next routing element on the way to the 
source. Techniques are also provided for source-group 
specific joins and leaves which permit one to specify 
25 senders authorized to send to a receiver and to prevent 

unauthorized senders from sending data to the receiver. 
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One embodiment of the invention is directed to a 
routing element for routing multicast information. The 
routing element obtains a public key with which to decode 
part of a multicast join request to verify that a user is 
S authorized to join a private multicast. 

Another embodiment of the invention is directed to 
apparatus for participating in a multicast including a 
processor configured to send a private multicast join 
request . 

Iq Another embodiment of the invention is directed to 

a domain name server which stores records relating a 
multicast network address or alias with a public key of 
a public/private key encryption pair and which sends in 
response to a network address or alias received over a 
15 communications port, a public key corresponding to the 

address or alias. 

Another embodiment of the invention is directed to 
a communications system for multicasting information from 
at least one source to a plurality of receivers. 
20 including a plurality of sub- networks and at least one 

router, connecting at least two sub-networks, configured 
to distinguish between public and private multicasts. 

Another embodiment of the invention relates to a 
method of operating a communications system by providing 
25 a multicast address space having a subspace for public 

multicasts and a subspace for private multicasts. 
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Another ambodiment of the invention relates to a 
method of sending a multicast join request, by sending 
first information including a user identification and an 
optional random key together with an encrypted version of 
5 said first information. 

Another embodiment of the invention relates to a 
method of sending a multicast join request from a user by 
sending a list of bit-masks specifying at least one of a 
group of senders permitted to send to said user and a 
10 group of senders prohibited from sending to said user. 

Another embodiment of the invention relates to a 
method of establishing a private multicast by creating a 
private/public key encryption pair, distributing private 
keys to authorized participants in the multicast; 
15 obtaining a private multicast address; and installing the 

public key for the multicast on a domain name server or 
on a certification authority. 

Other embodiments of the invention relate to 
computer program products for carrying out the techniques 

20 described. 

The foregoing and other features, aspects and 
advantages of the present invention will become more 
apparent from the following detailed description of the 
present invention when taken in conjunction with the 

25 accompanying drawings and Appendices A and B of this 

spec i f ica t ion . 
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gpTEF DESCRIPTTOW OF D RAWINGS 
The objects, features and advantages of the system 
of the present invention will be apparent from the 
following description in which: 
5 Figure 1 is block diagram of an exemplary network 

arrangement linking a plurality of sub-networks in 
accordance with one aspect of the invention. 

Figure 2 is a illustration of how a multicast 
address space may be partitioned into a private multicast 
3.0 address sub-space and public multicast address sub-space, 

in accordance with one aspect of the invention. 

Figure 3 is a database schema showing a typical 
domain name server record in accordance with the prior 
art . 

15 Figure 4 is a database schema of a domain name 

server modified in accordance with one aspect of the 
invention. 

Figure 5 is a diagram illustrating the extensions to 
an Internet Group Management Protocol (IGMP J join request 
20 in accordance with one aspect of the invention. 

Figure 6 is a flow chart of an exemplary router 
process for determining whether to permit or reject an 
IGMP join request in accordance with one aspect of the 
invention. 

25 Figure 7A shows a prior art IGMP join request. 
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Figure 7B shows a prior art extension to the IGMP 
join request of Figure 7A, 

Figure 7C shows an extension to IGMP join requests 
in accordance with one aspect of the invention - 
5 Figure a is a flow chart of a process for setting up 

a private multicast in accordance with one aspect of the 
invention . 

Figure 9A illustrates a computer of a type suitable 
for carrying out the invention. 
L0 Figure 9B illustrates a block diagram of the 

computer of Figure 9 A. 

Figure 9C illustrates an exemplary memory medium 
containing one or more programs usable with the computer 
of Figure 9A. 

15 fJOTATTONS AND NOMENCLATURE 

The detailed descriptions which follow may be 
presented in terms of program procedures executed on a 
computer or network of ' computers . These procedural 
descriptions and representations are the means used by 
20 those skilled in the art to most effectively convey the 

substance of their work to others skilled in the art. 

A procedure is here, and generally, conceived to be 
a self -consistent sequence of steps leading to a desired 
result. These steps are those requiring physical 
25 manipulations of physical quantities. Usually, though 
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not necessarily, these quantities take the £orm of 
electrical or magnetic signals capable of being stored, 
transferred, combined, compared, and otherwise 
manipulated. It proves convenient at times, principally 
5 for reasons of common usage, to refer to these signals as 

bits, values, elements, symbols, characters, terms, 
numbers, or the lilca. It should be noted, however, that 
all of these and similar terms are to be associated with 
the appropriate physical quantities and are merely 
10 convenient labels applied to these quantities. 

Further, the manipulations performed are often 
referred to in terms, such as adding or comparing, which 
are commonly associated with mental operations performed 
by a human operator. No such capability of a human 
15 operator is necessary, or desirable in most cases, in any 

of the operations described herein which form part of the 
present invention; the operations are machine operations. 
Useful machines for performing the operation of the 
present invention include general purpose digital 
20 computers or similar devices. 

The present invention also relates to apparatus for 
performing these operations. This apparatus may be 
specially constructed for the required purpose or it may 
comprise a general purpose computer as selectively 
25 activated or reconfigured by a computer program stored in 

the computer. The procedures presented herein are not 
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inherently related to a particular computer or other 
apparatus. Various general purpose machines may be used 
with programs written in accordance with the teachings 
herein, or it may prove more convenient to construct more 
specialized apparatus to perform the required method 
steps. The required structure for a variety of these 
machines will appear from the description given. 



DKfifTH 1 PTION OF THE PR EFERRED EMBODIMENT 
Figure 1 is a block diagram of an exemplary network 
10 arrangement linking a plurality of sub-networks in 

accordance with one aspect of the invention. As shown in 
Figure 1, a plurality of sub-networka 100A, 100B, 100C 
and 10 OD are connected together oyer routers 110A, HOB 
and HOC. In the network illustrated, domain name server 
IS 130 is resident on sub-network 100B and a certification 

server or authority 150 as resident on sub-network 10QC. 
One or more senders 140 may be the intended source of 
information for the multicast to exemplary user stations 
120A and 120B. 

2 0 Figur* 2 is an illustration of how a multicast 

address space may be partitioned into a private multicast 
address sub-space and public multicast address sub-space. 

The left hand side of Figure 2 represents the total 
multicast address space. That space ranges from 
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224.0.0.0 (in Internet standard dotted decimal notation) 
to 239-255,255.255. Underneath the dotted decimal 
representation is a parenthetical showing eight binary 
bits (bracketed) which corresponds to the numerical value 
of the first component of the dotted decimal notation) . 
Each of the other components of the dotted decimal 
notation represent the value of a corresponding byte in 
& 32 -bit (4 byte) address space utilized by the Internet. 
The notation of a binary value 1 or 0 separated by dots 
from another representation of the same binary value 
represents an indication that the remaining bits of the 
32-bit address word have only those binary values 
contained therein. One of the important extensions to 
the multicast address space provided in accordance with 
15 the invention is a separation of the multicast address 

space into two components, the first of which is a public 
multicast address space and the second of which is a 
private multicast address space. As shown in Figure 2 r 
the public multicast address space ranges from 2 24.0.0.0 
20 to 231.255.255.255. Similarly the private multicast 

address apace ranges from 232.0. 0.0 to 239 . 255 . 255 . 2S5 . 
By this partitioning of the address space, one can tell 
immediately from a multicast address whether a private 
multicast is undertaken or a public multicast is 
2 5 undertaken. 
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Figure 3 is a database schema showing a typical 
domain named server (DNS) record in accordance with the 
prior art. As shown in Figuxe 3, a dotted decimal 
address 3 00 is mapped against an alias for that address 
5 310 in respective columns of the database table. 

Figure 4 is a database schema of a domain name 
server modified in accordance with one aspect of the 
invention. Columns 400 and 410 correspond to 

approximately to the columns in which entries 30G and 310 
10 of Figure 3 occur. However, in column 410 f instead of a 

fixed station address, an IP Multicast address is 
included. Column 420 contains entries which describe Che 
owner of the multicast address. Typically this would be 
the person setting up the multicast. Column 430 contains 
15 a public key for each private multicast address. Column 

440 contains an optional public or private flag which can 
be used to distinguish public and private multicast^ if 
the address space is not partitioned. 

When using a domain name server of the prior art, a 
20 query using either the network address or it alias will 

result in return of the other value shown in Figure 3. 
When a domain name server is extended in accordance with 
the arrangement shown in Figure 4, it is convenient that 
a query submitted with data from either column 400 or 
25 column 410 will result in return of the entire record 

matching the submitted value. Thus, if one were to 
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search on the alias shown in column 410 of Figure 4, one 
would retrieve not only the network address shown in 
column 400, the owner information shown in 420 but also 
the public key shown in column 430 for the multicast 
session. This ability to retrieve public keys is useful 
as described more in after. 

Figure 5 is a diagram of extension to an Internet 
Group Management Protocol (IGMP) join request in 
accordance with one aspect of the invention- A header 
500, and packet type shown in Field 1 together with a 
requester IP address shown in Field 2 would typically be 
part of prior art IGMP join request. In the extensions 
shown in accordance with one aspect of the invention* an 
optional timestamp may be placed in Field 1 and a random 
key, placed in Field 3, is generated by the requestor. 
The contents of Field 1, Field 2 and Field 3 are 
encrypted or digested and the digest encrypted and placed 
into Field 4. The Cyclic Redundancy Check 510 (CRC) 
encompasses the full IGMP join request. How this extended 
join request is utilized is discussed more hereinafter. 

Figure 6 is a flow chart of an exemplary routing 
element process for determining whether to permit or 
reject an IGMP join request in accordance with one aspect 
of the invention. When an extended IGMP join request is 
received at a router (600) determination is made from the 
address whether or not the multicast is public or private 
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(60S). If it is public (605-public) , the join is 
permitted and the join request forwarded to the next 
routing element along the path, if any (640) . If the 
multicast is private (605-private) a check is made to 
5 determine whether the join request submitted is a 

duplicate of a previous request. One way an unauthorized 
user may attempt to gain access to a multicast would be 
to duplicate a join request submitted by a previous user. 
If the submitted join request ia a duplicate <$10-y) , the 
10 request is rejected. If it is not, a determination is 

made whether the join request is timely (515) . This a 
simple check to see that the join request is appropriate 
for the day and time of the current multicast session. 
This would prevent a user from copying an earlier join 
15 request from an authorized user in an attempt to gain 

access to the current session. If the join request is 
not timely (*15-N) , the request to join ia rejected. If 
it is timely, a check is made to determine whether the 
join request came from a proper link. If it did not 
20 (620-K), the join request is rejected. However, if it 

did, the routing element will obtain the public key dual 
corresponding to the private key utilized to encrypt the 
IGMP extended join request <625) . Preferably, the public 
key is obtained from a domain name server, such as DNS 
25 130 shown in Figure 1. Alternatively, the public key 

could be obtained from a certification authority 150 
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shown in ^ x . U8ing the acquired pubi . c ^ ^ 

4 of the extended r«P jo in request is decrypted usin* 
the pub llc key (630) . ^ reguitia5 inforination 

decrypted from Field 4 should agree with Fields X - 3 If 
^ does, the join is permitted and the Join request ia 
forwarded to the next routing element. If it doeg ^ 
(«5- a >, the join raquest . s raj6cted ^ 

be denied access to the multicast by the router. 

A third aspect of the invention is illustrated in 

prior art IGMP Join request. 

Figure 7B shows a prior art extension to the IGMP 
join request of Figure 7*. Tha extension of the IGMP 
join request of p iguro 7B permit3 . ^ Qf ^ 
be specified which are permitted to sand to the 
requesting the jo in. Similarly, it includes an list of 
Anders prohibited from sending to the address requesting 
the join. T hi a permits a participant in the multicast to 
inform routers to selectively prohibit packets from 
undesirable or disruptive sources from reaching the 
participant. it also permits the uaer to specify the 
list of senders from which the requesting station desires 
to receive information. This allows the filtering out of 
Packets that the user does not desire to see. 

Figure 7C shows an extension to prior art igmp join 
requests in accordance with one aspect of the invention 
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Field 760 and Field 770 permit the use of a liat of 
3 2 -bit masks instead of a liat of senders or receivers. 
Thus, by tailoring a mask, groups of addresses may be 
permitted to aend to the address or barred from sending 
to the address, merely by specifying the bit -mask 
appropriate for the group and the property desired. For 
example, the property may be "permitted to send to this 
address 11 or "prohibited from sending to this address". 

Figure 8 is a flow chart of a process for setting up 
a private multicast in accordance with one aspect of the 
invention- A user desiring to set up a private multicast 
first creates a private /public key pair for the multicast 
(800) . The sponsor or owner of the multicast obtains a 
private multicast address (810) for use during the 
15 multicast. This can either be a permanent assignment or 

a temporary assignment depending on need. The owner of 
the multicast or other designated party may install the 
public key for the multicast in the DNS information for 
the multicast address or in a certification server (820) . 
20 The private key for the multicast is distributed to 

authorized participants in any of several known ways, but 
preferably over the network (810) . At that time, the 
multicast is ready to begin (840) . The receivers that 
desire to participate in the multicast then formulate an 
25 extended join request such as described in Figure 5 . If 

the user is authorized, the routing element will make 
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that determination using the public key installed on the 
domain named server or on the certification server, when 
the routing element is satisfied that the request for 
joining the private multicast is genuine, the routing 
element will begin directing packets addressed to the 
multicast address ta the user who submitted in the 
extended IGMP join request. However, if the user is not 
authorized (as discussed in conjunction with Figure 6) , 
the user will not be permitted to join the multicast and 
the routing element will not forward packets to the user. 

Figure 9A illustrates a computer of a type suitable 
for carrying out the invention. Viewed externally in 
Figure 9A, a computer gystem has a central processing 
unit 300 having disk drives 910A and 910B. Disk drive 
indications 910A and 91 OB are merely symbolic of a number 
of disk drives which might be accommodated by the 
computer system. Typically, these would include a floppy 
disk drive such as 910A, a hard disk drive {not shown 
externally) and a CD ROM drive indicated by slot 910B. 
The number and type of drives varies, typically, with 
different computer configurations. The computer has the 
display 92 0 upon which information is displayed. A 
keyboard 93 0 and a mouse 940 are typically also available 
as input devices. Preferably, the computer illustrated 
in Figure 9A is a SPARC workstation from Sun 
Microsystems, inc. 
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Figure 9B illustrates a block diagram of the 
internal hardware of the computer of Figure 9A. A bug 
950 serves as the main information highway- 
inter connecting the other components of the computer. 
CPU 955 is the central processing unit of the system, 
performing calculations and logic operations required to 
execute programs. Read only memory (9 SO) and random 
access memory (965) constitute the main memory of the 
computer. Disk controller 970 interfaces one or more 
disk drives to the system bus 950. These disk drives may 
be floppy disk drives, such as 973, internal or external 
hard drives, such as 972, or CD ROM or DVD (Digital Video 
Disks) drives such as 971. A display interface 975 
interfaces a display 920 and permits information from the 
bus to be viewed on the display. Communications with 
external devices can occur over communications port 985. 

Computer 900 includes a communications interface 985 
coupled to bus 950. Communications interface 985 
provides a two-way data communications coupling to a 
network link to a local network such as 100D of Figure 1. 
For example, if communications interface 985 is an 
integrated services digital network ( ISDN) card or a 
modem, communications interface 985 provides a data 
communications connection to the corresponding type of 
telephone line. If communications interface 9 85 is a 
local area network (LAN) card, communications interface 
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385 provides a data communications connection to a 
compatible LAN. Wirelesa links are also possible. In 
any such implementation, communications interface $85 
sends and receives electrical, electromagnetic or optical 
signals which carry digital data streams representing 
various types of information. 

The network link typically provides data 
communications through one or more networks such as 10 OA- 
HOD of Figure 1, to other data devices. For example, 
the network link may provide a connection through local 
network to a host computer or to data equipment operated 
by an Internet Service Provider < ISP) . An ISP may in 
turn provide data communications services through the 
world wide packet data communications network now 
commonly referred to as the "Internet". The local 
network and Internet both use electrical, electromagnetic 
or optical signals which carry digital data streams. The 
signals through the various networks and the signals on 
the network link and through communications interface 
98 5, which carry the digital data to and from computer 
90 0 are exemplary forms of carrier waves transporting the 
information. 

Computer 900 can send messages and receive data, 
including program code, through the network (s) , network 
link and communications interface 985. In the Internet 
example, a server might transmit requested code for an 
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application program through internet, ISP, local network 
and communications interface 986, in accordance with the 
invention, one such download application may include 
software implementing the techniques described herein. 
S The received coda may be executed by processor 955 

as it is received, and/or stored in storage devices 960 
and/or 971-973, or other non-volatile storage for later 
execution. In this manner computer 900 may obtain 
application code in the form of a carrier wave. 

10 Figure 9 shows an architecture which is suited for 

either a user workstation or for a routing element. 
However, when configured as a routing element, r/O 
devices will normally only be attached during servicing. 
When configured as a router, a plurality of 

15 communications interfaces 9B5 will normally be provided, 

one for each port . When configured as a controller for 
a switch at a switching node, a hardware interface will 
be provided to link the bus 950 with a switching matrix - 
Figure 9C illustrates an exemplary memory medium 

20 which can be used with drives such as 973 in Figure 9B or 

91 OA in Figure 9A. Typically, memory media such as a 
floppy disk, or a CD ROM, or a Digital Video Disk will 
contain the program information for controlling the 
computer to enable the computer to perform its functions 

2S in accordance with the invention. 
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The approach discussed above provides a simple 
general purpose interface that works across a spectrum of 
varying user needs. It does hot unreasonability increase 
the overhead for setting up and operating the multicast 
for users who would like to continue to set up simple 
open meetings- The systems provides security even if 
outsiders know the IP address and/or port number which 
might otherwise enable them to misbehave or behave 
maliciously. The system is flexible in that it does not 
require the multicast sessions organizers to know the 
identity of all the senders and/or listeners in advance. 
It also permits users to dynamically join the 
discussions . 

Even if the system is compromised, it is possible to 
reasonably limit the damage caused by excluding that user 
or group of users from the conference. The approach 
described here is also compatible with current and 
proposed mechanism and protocols for multicasting. 

Although the present invention has been described 
and illustrated in detail, it is clearly understood that 
the same is by way of illustration and example only and 
is not to be taken by way of limitation, the spirit and 
scope of the present invention being limited only by the 
terms of the appended claims and their equivalents. 



(35) 

22 

What is claimed is : 
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1. A routing element for multicast digital 
communicdtions, comprising: 

a. at least one input port; 

b. at least one output port; 

5 c. a processor Cor controlling packet routing from 

an input port to an output pore, said processor 
configured to obtain a public key and to decode at least 
a portion of a multicast join request submitted by a user 
using said public key to verify that said user is 
10 authorized to Join a multicast. 



2. The routing element of claim 1 in which said 
public key is obtained from a domain name server . 



3. The routing element of claim 1 in which said 
public key is obtained from a certification authority. 

4. The routing element of claim 1 which blocks 
multicast packets from a particular multicast to said 
user, unless the decoding of the multicast join request 
submitted by said user indicates said user is authorized 

5 to join said particular- multicast. 
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5. The routing element of claim 1 in which the 
processor is configured Co obtain a public Key only when 
a multicast join request specifies a multicast address 
which is within a private multicast address apace. 



6. The routing element of claim 1 in which the 
processor is configured to block multicast packets 
received from senders blocked from sending to a receiver 
as indicated by a bit -mask received with a multicast join 
5 request.. 



7. Apparatus for participating in a multicast, 
comprising : 

a. a communications port; 

b. a processor for controlling communications over 
5 said communications port; said processor configured to 

send a private multicast join request.' 

8. Apparatus of claim 7 in which said multicast join 
request includes a first field identifying a user 
requesting participation in a particular multicast and a 
second field containing the results of encrypting at 

5 least one of said first field or a digest of said first 

field using a private key. 
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_ 9. _ Apparatus of claim 7 in which said second field 

contains the results of encrypting one of said first 
field and a third field containing a randomly generated 
key or a digest of said first field and said third field. 

10. Apparatus of claim 7 in which said join request 
includes at least one bit-mask, a bit-mask specifying one 
of a group of senders permitted to send to said 
communications port and a group of senders prohibited to 
send to said communications port. 

11. A domain name server comprising: 

a. a communications port; 

b. a memory storing records relating a network 
address or alias for a multicast with a corresponding 

5 public key of a public/private key encryption pair; and 

c. a processor controlling said communications port; 
said processor being configured to send, in response to 
a network address or alias received over said 
communications port, said corresponding public key. 

12 . The server of claim 11 in which said records 
include an indicacion of an owner of a multicast. 
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13 . The server of claim 11 in which said records 
include an indication distinguishing whether a multicast 
is public or private. 

14. A communications system for multicasting 
information from at least one source to a plurality of 
receivers, comprising: 

a. a plurality of sub- networks, each having at least 
5 one user device connected thereto,- and 

b. at least one routing element, connecting at least 
two sub -networks, configured to distinguish between 
public and private multicast 3. 

15. The system of claim 13, further comprising: 

a domain name server , connected to a sub- network, storing 
records relating a network address or alias with a public 
key of a public/private key encryption pair. 

16. The system of claim 13, further comprising: 

a certification authority, connected to a sub-network, 
storing records relating a network address or alias with 
a public key of a public/private key encryption pair. 

17. The system of claim 13 in which a user device is 
configured to request participation in a private 
multicast . 
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IB. A method of operating a communications system 
comprising the step of : 

providing a multicast address space having a 
aubspace for public multicasts and a subspace for private 
5 mult icasts. 

19. A method of sending a multicast join request, 
comprising the step of: 

a. sending first information including a user 
identification together with an encrypted version of said 
5 first information. 

20. The method of claim 18 in which said first 
information further includes a random key. 

21. A method of sending a multicast join request 
from a user, comprising the step of: 

a. sending a list of bit^raaskg specifying at least 
one of a group of senders permitted to send to said user 
5 and a group of senders prohibited from sending to said 

user. 

22. A method of processing a multicast join request 
at a router, comprising the step of: 
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a. determining whether the requesc relates to a 
public or private multicast - 

23. The method of claim 21, further comprising the 
steps of : 

a. obtaining a public key and using the public key 
to decrypt at least a portion of said request. 

24. The method of claim 22, further comprising, the 
step of granting said multicast join request when a 
decrypted portion of said request matches another portion 
of said request. 

25. , A method of establishing a private multicast, 
comprising the steps of: 

a. creating a private/public key encryption pair; 

b. distributing private keys to authorized 
participants in the multicast ; 

c . obtaining a private multicast address ; and 

d. installing the public key for the multicast on a 
domain name server or on a certification authority. 

26. A computer program product, comprising: 

a. a memory medium; and 

b. a computer program stored on said memory medium, 
said computer program comprising instructions for 
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providing a multicast address space having a subspace for 
public mult leasts and a subspace for private mult leasts. 

27 . The computer program product of claim 25 in 
which said program is transmitted from said memory medium 
over a network interface. 



2B. A computer program product, comprising: 

a. a memory medium; and 

b. a computer program stored on said memory medium, 
said computer program comprising instructions for sending 

5 a multicast join request, including a user identification 

together with an encrypted version of said user 
identification, 

29. The computer program product of claim 27 in 
which said program is transmitted from said memory medium 
over a network interface. 



30. A computer program product, comprising: 

a. a memory medium; and 

b. a computer program stored on said memory medium r 
said computer program comprising instructions for sending 

5 a group specific multicast join including a bit -mask 

specifying at least one of a group of senders permitted 
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to send to said user and a group of senders prohibited 
from sending to said user. 

31. The computer program product of claim 29 in 
which said program transmitted from said memory medium 
over a network interface. 

32. A computer program product, comprising: 

a. a memory medium; and 

b. a computer program stored on said memory medium, 
said computer program comprising instructions for 

5 determining whether the request relates to a public or 

private multicast and for obtaining a public key and 
using the public key to decrypt at leaat a portion of 
said request. 

33. The computer program product of claim 31 in 
which said program is transmitted from said memory medium 
over a network interface. 

34. A computer program product, comprising: 

a. a memory medium; and 

b. a computer program stored on said memory medium, 
said computer program comprising instructions for 

5 creating a private/public key encryption pair; obtaining 

a private multicast address; and installing the public 
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key for the multicast on a domain name server or on a 
certification authority. 

35. The computer program product of claim 33 in 
which a a id program is transmitted from said memory medium 
over a network interface . 

36. A computer data signal embodied in a carrier 
wave and representing; a sequence of instruct ion a which, 
when executed by one or more processors, causes the one 
or more processors to obtain a public key and decode at 

5 least a portion of a multicast join request submitted by 

a user using said public key. 

37 . A memory for storing data for access by an 
application program being executed on a computer, 
comprising: 

a data structure stored in memory, said data 
5 structure comprising an IGMP join request, a requestor IP 

address and an encrypted version of at least part of 
information contained in the IGMP join request and said 
requestor IF address. 

38 . A memory for storing data for access by a 
server program being executed on a computer, comprising: 

31 

a data structure stored in memory, said data 
structure including a plurality of entries, each entry 
5 including a multicast address and an indication whether 

the multicast address is a public or a private multicast. 



39. The memory of claim 3B in which data structure 
entries include a location for storage of a public key. 
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Mule least communications are expanded to include the 



dedicated to multicast is partitioned into a subspace for 
public mult leasts and a subspace for private multicasts. 
A public key/private key encryption pair is used for 
private multicasts and installed on domain name servers 
or on certification authorities. Portions of a multicast 
join recjuest are sent together with a corresponding 
encrypted version. Private multicast equipped routers 
receive the multicast join request, retrieve the public 
key from a domain name server or from a certification 
authority and decrypt the encrypted portion of the join 
request to determine if the requestor is authorized. 
Group specific multicast joins are also permit ced by 
sending a bit -mask identifying a group of senders which 
are authorized or prohibited from sending to a user 
joining a multicast. 



concept of private multicasts . 



An address space 



